In my opinion Tres's way is the correct one for this case Why? Because the original must be is to run the script only for internal processes
The main diference between an internal call and a user one is the REQUEST parameter and then the Tres's solution seems the more convenient way It's only my opinion 2009/4/28 Jaroslav Lukesh <luk...@seznam.cz> > Why? It is more transparent and better way - use security tab. > > > ----- Original Message ----- > From: "Tres Seaver" <tsea...@palladion.com> > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Pedro LaWrench wrote: > >> I need to do something on the filesystem, which requires unrestricted > >> python, so I created an external method. The problem is that anyone > >> can call that directly via URL, so I added a permission check. Even > >> then, users with the sufficient permissions can call this via URL, > >> which I don't want them to do. I only want them to have access > >> indirectly from other pages (such as a page template that will pass > >> sane parameters). Is there anyway to do this? > > > > Add a REQUEST argument to your function, defaulting to None. The > > publisher will always pass the request in for that argument, while the > > other templates / scripts should not. E.g.: > > > > def doSomething(self, REQUEST=None): > > """ Don't call me directly via a URL!!! > > """ > > if REQUEST is not None: > > raise ValueError('Wicked, evil, naughty Zoot!') > > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > -- Mis Cosas http://blogs.sistes.net/Garito Zope Smart Manager http://blogs.sistes.net/Garito/670
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )